diff options
author | Jason DeTiberus <jdetiber@redhat.com> | 2015-05-22 13:13:17 -0400 |
---|---|---|
committer | Jason DeTiberus <jdetiber@redhat.com> | 2015-06-10 11:43:47 -0400 |
commit | 94a77cb1d81b6e4e316ae679890df4994816532f (patch) | |
tree | 3a77b836f726f2d972931ae777421888f67aa1ed /roles/openshift_master/templates | |
parent | b57392ddd54bbff225ba83dd5a5bf40ea99344a4 (diff) | |
download | openshift-94a77cb1d81b6e4e316ae679890df4994816532f.tar.gz openshift-94a77cb1d81b6e4e316ae679890df4994816532f.tar.bz2 openshift-94a77cb1d81b6e4e316ae679890df4994816532f.tar.xz openshift-94a77cb1d81b6e4e316ae679890df4994816532f.zip |
Templatize configs and 0.5.2 changes
- Templatize node config
- Templatize master config
- Integrated sdn changes
- Updates for openshift_facts
- Added support for node, master and sdn related changes
- registry_url
- added identity provider facts
- Removed openshift_sdn_* roles
- Install httpd-tools if configuring htpasswd auth
- Remove references to external_id
- Setting external_id interferes with nodes associating with the generated
node object when pre-registering nodes.
- osc/oc and osadm/oadm binary detection in openshift_facts
Misc Changes:
- make non-errata puddle default for byo example
- comment out master in list of nodes in inventory/byo/hosts
- remove non-error errors from fluentd_* roles
- Use admin kubeconfig instead of openshift-client
Diffstat (limited to 'roles/openshift_master/templates')
-rw-r--r-- | roles/openshift_master/templates/master.yaml.v1.j2 | 98 | ||||
-rw-r--r-- | roles/openshift_master/templates/scheduler.json.j2 | 12 | ||||
-rw-r--r-- | roles/openshift_master/templates/v1_partials/oauthConfig.j2 | 78 |
3 files changed, 188 insertions, 0 deletions
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 new file mode 100644 index 000000000..1c2d37b63 --- /dev/null +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -0,0 +1,98 @@ +apiVersion: v1 +assetConfig: + logoutURL: "" + masterPublicURL: {{ openshift.master.public_api_url }} + publicURL: {{ openshift.master.public_console_url }}/ + servingInfo: + bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.console_port }} + certFile: master.server.crt + clientCA: "" + keyFile: master.server.key +corsAllowedOrigins: +{# TODO: add support for user specified corsAllowedOrigins #} +{% for origin in ['127.0.0.1', 'localhost', openshift.common.hostname, openshift.common.ip, openshift.common.public_hostname, openshift.common.public_ip] %} + - {{ origin }} +{% endfor %} +{% if openshift.master.embedded_dns %} +dnsConfig: + bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.dns_port }} +{% endif %} +etcdClientInfo: + ca: ca.crt + certFile: master.etcd-client.crt + keyFile: master.etcd-client.key + urls: +{% for etcd_url in openshift.master.etcd_urls %} + - {{ etcd_url }} +{% endfor %} +{% if openshift.master.embedded_etcd %} +etcdConfig: + address: {{ openshift.common.hostname }}:{{ openshift.master.etcd_port }} + peerAddress: {{ openshift.common.hostname }}:7001 + peerServingInfo: + bindAddress: {{ openshift.master.bind_addr }}:7001 + certFile: etcd.server.crt + clientCA: ca.crt + keyFile: etcd.server.key + servingInfo: + bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.etcd_port }} + certFile: etcd.server.crt + clientCA: ca.crt + keyFile: etcd.server.key + storageDirectory: {{ openshift_data_dir }}/openshift.local.etcd +{% endif %} +etcdStorageConfig: + kubernetesStoragePrefix: kubernetes.io + kubernetesStorageVersion: v1beta3 + kubernetesStoragePrefix: kubernetes.io + openShiftStorageVersion: v1beta3 +imageConfig: + format: {{ openshift.master.registry_url }} + latest: false +kind: MasterConfig +kubeletClientInfo: +{# TODO: allow user specified kubelet port #} + ca: ca.crt + certFile: master.kubelet-client.crt + keyFile: master.kubelet-client.key + port: 10250 +{% if openshift.master.embedded_kube %} +kubernetesMasterConfig: +{# TODO: support overriding masterCount #} + masterCount: 1 + masterIP: "" + schedulerConfigFile: {{ openshift_master_scheduler_conf }} + servicesSubnet: {{ openshift.master.portal_net }} + staticNodeNames: {{ openshift_node_ips | default([], true) }} +{% endif %} +masterClients: +{# TODO: allow user to set externalKubernetesKubeConfig #} + deployerKubeConfig: openshift-deployer.kubeconfig + externalKubernetesKubeConfig: "" + openshiftLoopbackKubeConfig: openshift-client.kubeconfig +masterPublicURL: {{ openshift.master.public_api_url }} +networkConfig: + clusterNetworkCIDR: {{ openshift.master.sdn_cluster_network_cidr }} + hostSubnetLength: {{ openshift.master.sdn_host_subnet_length }} + networkPluginName: {{ openshift.common.sdn_network_plugin_name }} +{% include 'v1_partials/oauthConfig.j2' %} +policyConfig: + bootstrapPolicyFile: {{ openshift_master_policy }} + openshiftSharedResourcesNamespace: openshift +{# TODO: Allow users to override projectConfig items #} +projectConfig: + defaultNodeSelector: "" + projectRequestMessage: "" + projectRequestTemplate: "" +serviceAccountConfig: + managedNames: + - default + - builder + privateKeyFile: serviceaccounts.private.key + publicKeyFiles: + - serviceaccounts.public.key +servingInfo: + bindAddress: {{ openshift.master.bind_addr }}:{{ openshift.master.api_port }} + certFile: master.server.crt + clientCA: ca.crt + keyFile: master.server.key diff --git a/roles/openshift_master/templates/scheduler.json.j2 b/roles/openshift_master/templates/scheduler.json.j2 new file mode 100644 index 000000000..833e7f3e1 --- /dev/null +++ b/roles/openshift_master/templates/scheduler.json.j2 @@ -0,0 +1,12 @@ +{ + "predicates": [ + {"name": "PodFitsResources"}, + {"name": "PodFitsPorts"}, + {"name": "NoDiskConflict"}, + {"name": "Region", "argument": {"serviceAffinity" : {"labels" : ["region"]}}} + ],"priorities": [ + {"name": "LeastRequestedPriority", "weight": 1}, + {"name": "ServiceSpreadingPriority", "weight": 1}, + {"name": "Zone", "weight" : 2, "argument": {"serviceAntiAffinity" : {"label": "zone"}}} + ] +} diff --git a/roles/openshift_master/templates/v1_partials/oauthConfig.j2 b/roles/openshift_master/templates/v1_partials/oauthConfig.j2 new file mode 100644 index 000000000..f6fd88c65 --- /dev/null +++ b/roles/openshift_master/templates/v1_partials/oauthConfig.j2 @@ -0,0 +1,78 @@ +{% macro identity_provider_config(identity_provider) %} + apiVersion: v1 + kind: {{ identity_provider.kind }} +{% if identity_provider.kind == 'HTPasswdPasswordIdentityProvider' %} + file: {{ identity_provider.filename }} +{% elif identity_provider.kind == 'BasicAuthPasswordIdentityProvider' %} + url: {{ identity_provider.url }} +{% for key in ('ca', 'certFile', 'keyFile') %} +{% if key in identity_provider %} + {{ key }}: {{ identity_provider[key] }}" +{% endif %} +{% endfor %} +{% elif identity_provider.kind == 'RequestHeaderIdentityProvider' %} + headers: {{ identity_provider.headers }} +{% if 'clientCA' in identity_provider %} + clientCA: {{ identity_provider.clientCA }} +{% endif %} +{% elif identity_provider.kind == 'GitHubIdentityProvider' %} + clientID: {{ identity_provider.clientID }} + clientSecret: {{ identity_provider.clientSecret }} +{% elif identity_provider.kind == 'GoogleIdentityProvider' %} + clientID: {{ identity_provider.clientID }} + clientSecret: {{ identity_provider.clientSecret }} +{% if 'hostedDomain' in identity_provider %} + hostedDomain: {{ identity_provider.hostedDomain }} +{% endif %} +{% elif identity_provider.kind == 'OpenIDIdentityProvider' %} + clientID: {{ identity_provider.clientID }} + clientSecret: {{ identity_provider.clientSecret }} + claims: + id: identity_provider.claims.id +{% for claim_key in ('preferredUsername', 'name', 'email') %} +{% if claim_key in identity_provider.claims %} + {{ claim_key }}: {{ identity_provider.claims[claim_key] }} +{% endif %} +{% endfor %} + urls: + authorize: {{ identity_provider.urls.authorize }} + token: {{ identity_provider.urls.token }} +{% if 'userInfo' in identity_provider.urls %} + userInfo: {{ identity_provider.userInfo }} +{% endif %} +{% if 'extraScopes' in identity_provider %} + extraScopes: +{% for scope in identity_provider.extraScopes %} + - {{ scope }} +{% endfor %} +{% endif %} +{% if 'extraAuthorizeParameters' in identity_provider %} + extraAuthorizeParameters: +{% for param_key, param_value in identity_provider.extraAuthorizeParameters.iteritems() %} + {{ param_key }}: {{ param_value }} +{% endfor %} +{% endif %} +{% endif %} +{% endmacro %} +oauthConfig: + assetPublicURL: {{ openshift.master.public_console_url }}/ + grantConfig: + method: {{ openshift.master.oauth_grant_method }} + identityProviders: +{% for identity_provider in openshift.master.identity_providers %} + - name: {{ identity_provider.name }} + challenge: {{ identity_provider.challenge }} + login: {{ identity_provider.login }} + provider: +{{ identity_provider_config(identity_provider) }} +{%- endfor %} + masterPublicURL: {{ openshift.master.public_api_url }} + masterURL: {{ openshift.master.api_url }} + sessionConfig: + sessionMaxAgeSeconds: {{ openshift.master.session_max_seconds }} + sessionName: {{ openshift.master.session_name }} + sessionSecretsFile: {{ openshift.master.session_secrets_file }} + tokenConfig: + accessTokenMaxAgeSeconds: {{ openshift.master.access_token_max_seconds }} + authorizeTokenMaxAgeSeconds: {{ openshift.master.auth_token_max_seconds }} +{# Comment to preserve newline after authorizeTokenMaxAgeSeconds #} |